Generates a short-lived X509 certificate containing the provided public key and signed by a private key specific to the target instance. Users may use the certificate to authenticate as themselves when connecting to the database.
HTTP request
POST https://sqladmin.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}:generateEphemeralCert
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
project |
Project ID of the project that contains the instance. |
instance |
Cloud SQL instance ID. This does not include the project ID. |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "public_key": string, "access_token": string, "readTime": string, "validDuration": string } |
| Fields | |
|---|---|
public_key |
PEM encoded public key to include in the signed certificate. |
access_token |
Optional. Access token to include in the signed certificate. |
readTime |
Optional. Optional snapshot read timestamp to trade freshness for performance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
validDuration |
Optional. If set, it will contain the cert valid duration. A duration in seconds with up to nine fractional digits, ending with ' |
Response body
Ephemeral certificate creation request.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{
"ephemeralCert": {
object ( |
| Fields | |
|---|---|
ephemeralCert |
Generated cert |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/sqlservice.admin
For more information, see the Authentication Overview.